"AWS Multi-Factor Authentication (AWS MFA) provides an extra level of security that you can apply to your AWS environment. You can enable AWS MFA for your AWS account and for individual AWS Identity and Access Management (IAM) users you have created under your account. With AWS MFA enabled, when a user signs in to an AWS website, they will be prompted for their username and password (the first factor – what they know), as well as for an authentication code from their AWS MFA device (the second factor – what they have). Taken together, these multiple factors provide increased security for your AWS account settings and resources. Once a customer obtains a supported hardware or virtual MFA device, AWS does not charge any additional fees for the use of AWS MFA. All AWS websites, including the AWS Management Console and the AWS Portal, are integrated with AWS MFA.
Now, with the use of hardware tokens, you can create the extra authentication code for MFS. However, the apps have to support the OATH TOTP (Open Authentication Time-Based One-Time Password) standard to generate the code. Note that the software option is cheaper ($13 per hardware token) and more flexible but the hardware is more secure.You can use this new feature through your smartphone by downloading the AWS Virtual MFA application for Android or by downloading alternative applications for iPhone or BlackBerry. Amazon wrote a blog post a blog post on how to set up the console.